Archive for September, 2010
Posted in September 30th, 2010
Zero Day Initiative Advisory 10-183 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The flaw exists within F…
Posted in September 30th, 2010
Last week I wrote about Ares and Draftsight, and how they were close to going fully commercial (Ares, Draftsight will be free as Mac and Win released versions), so this is it…. So, since 18 Sep., what happened here? Let’s go back a few days, and: 22 September – I found out that Draftsight for MAC is available for download 28 September – After reporting a bug for ARES, I received an email from Graebert, that says "BTW: We have released a final version of ARES Commander on Linux yesterday evening."
Posted in September 30th, 2010
PECL Alternative PHP Cache ‘apc.php’ Cross Site Scripting Vulnerability
Posted in September 30th, 2010
This is the newest addition to [Arren Parker's] Burning Man wardrobe. The full-length lighted faux-fur coat is completely his creation. He started with a pattern that he acquired from eBay, adding side pockets and changing the hood to a collar. From there he added the 256 RGB LEDs that make it shimmer so appealingly. For [...]
Posted in September 30th, 2010
The TechCrunch staff has been pretty busy these last few days, what with throwing and covering a conference and all, but our excellent event photographers (Dave Getzschman, Max Whittaker, and Aaron Morris) have been even busier. They’ve taken hundreds of shots, all far better than those I could manage during the panels and chats, and they’re all collected at the TechCrunch Flickr page.
I’ve sifted through them and collected a few of what I felt were the best; (use info). If you feature prominently in one of these photos and would rather the picture is deleted, let us know. Feel free to use these in any way you see fit, as long as you give credit to TechCrunch and the photographer.
Posted in September 30th, 2010
QuickPlayer ‘.m3u’ File Buffer Overflow Vulnerability
Posted in September 30th, 2010
Rather than installing a server, such as a web server, directly onto your main computer, why not install it in a VM? This sort of setup has a few advantages of security and convenience. These da…
Posted in September 30th, 2010

Joe Wilcox at BetaNews has posted a must-read article in the wake of the announcement – made at TechCrunch Disrupt SF – that the Redmond software giant would be transitioning all its Windows Live Spaces users to Automattic‘s WordPress.com platform.
You may recall Dharmesh Mehta, Director of Product Management for Windows Live, stating that there were roughly 30 million active Windows Live Spaces accounts.
Wilcox, however, has managed to obtain internal e-mail messages exchanged between (yet unnamed) Microsoft employees that suggest far lower numbers.
Posted in September 30th, 2010
I’ve written a few posts on IPv6 here. I read the short Transition to IPv6 Memo (.pdf) written by Federal CTO Vivek Kundra. I’d like to comment on two of the assumptions he makes in that memo: The Federal government must transition to IPv6 in order to…
Posted in September 30th, 2010
[security bulletin] HPSBUX02587 SSRT100215 rev.1 – HP-UX Directory Server and Red Hat Directory Server for HP-UX, Local Disclosure of Information, Privilege Escalation
Posted in September 30th, 2010
Zero Day Initiative Advisory 10-184 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists…
Posted in September 30th, 2010
HP Security Bulletin – A potential security vulnerability has been identified in HP-UX Directory Server and Red Hat Directory Server for HP-UX. The vulnerability could be exploited locally resulting in information disclosure and privilege escalation.
Posted in September 30th, 2010
ZeeWays eBay Clone Auction Script ‘product_desc.php’ SQL Injection Vulnerability
Posted in September 30th, 2010
d.net CMS SQL Injection and Local File Include Vulnerabilities
Posted in September 30th, 2010
by admin in fpd, full path disclosure, Hacking Tools, information leakage, information-leak, inspath, inspathx, path disclosure, path disclosure scanner, path disclosure scanning, path disclosure scanning tool, path disclosure vulnerability, rss, web application security scanner, Web Hacking, web-application-hacking, web-application-security, web-security, yehg, ygn
inspathx is a tool that uses local source tree to make requests to the URL and searches for path inclusion (Full Path Disclosure) error messages. It’s a very common problem in PHP web applications that crops up a lot. PHP Web application develope…
Posted in September 30th, 2010
E-commerce platform eSellerPro has raised £2m from Notion Capital. It says it will use the new funds to invest in sales, marketing and customer service to “further drive and support huge demand” across the UK, European and U.S. markets, which has alre…
Posted in September 30th, 2010
[Onapsis Security Advisory 2010-007] SAP Management Console Multiple Denial of Service
Posted in September 30th, 2010
Wired: 3 Secret Apple TV Features Steve Jobs Hasn't Told You About
Posted in September 30th, 2010
IT Management: ‘Pre-crime’ Comes to the HR Dept.
Posted in September 30th, 2010
Futurity: Are your apps spying on you?
Posted in September 30th, 2010
Unions are leading the way, mobilizing progressives for big DC rally, in order to mobilize for Nov. election, and press corporate corruption agenda.
Posted in September 30th, 2010
Unsurprisingly, many in the right-wing media seem to have some issues with women.
Posted in September 30th, 2010
The much-talked about documentary on school reform tells a familiar story about unions and schools — but misses the whole story.
Posted in September 30th, 2010
The Republican South Carolina senator’s threat to essentially shut down legislation in the chamber is a shocking act of scorched-earth politics.
Posted in September 30th, 2010
Zero Day Initiative Advisory 10-185 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Fastback. Authentication is not required to exploit this vulnerability. The specific fl…
Posted in September 30th, 2010
Gentoo Linux Security Advisory 201009-9 – fence contains multiple programs containing vulnerabilities that may allow local users to overwrite arbitrary files via a symlink attack. The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual (CVE-2008…
Posted in September 30th, 2010
Local information disclosure exploit that makes use of an XFS filesystem vulnerability.
Posted in September 30th, 2010
Quick Player version 1.3 unicode SEH exploit.